This technical article demonstrates how information held in a MySQL database can be used to automatically escalate an alert based on the relative criticality to the business.

The EIF probe and postzmsg commands are used to generate test alerts.

Configuration Data

The data that we will used to determine the severity of an incoming alert will be held in an external database. Instructions for creating the database and sample data in either MySQL or DB2 are given below:

Build the solution

Create a new project

- Log into Impact as the admin or other suitably permissioned user- Select the NCI (assuming the default names have been used) server instance if you need to- Select the Projects tab- Click the New Projects + icon- Enter a project name (orbEventEnrichment)- Click OK

Create the Event Source

- Make sure the orbEventEnrichment project is selected in the Projects drop down box- Drop down the Data Sources And Types menu- Select ObjectServer- Click the + icon- Enter the Data Source Name as NCOMS- Enter the Username as root- Disable Backup- Enter the hostname where the ObjectServer resides for the Primary Source- Click the Test Connection button to make sure everything is OK- Click OK

Create the Data Source to access the cmdb database (MySQL)

- Drop down the Data Sources And Types menu- Select MySQL- Click the + icon- Enter the Data Source Name as CMDB- Enter an appropriate username and password- Disable Backup- Enter the Host Name, Port and the Database as cmdb- Click the Test Connection button to make sure everything is OK- Click OK

Create the Data Source to access the cmdb database (DB2)

- Drop down the Data Sources And Types menu- Select DB2- Click the + icon- Enter the Data Source Name as CMDB- Enter an appropriate username and password - Disable Backup- Enter the Host Name, Port and Database as cmdb- Click the Test Connection button to make sure everything is OK- Click OK

Create the Device Data Type (MySQL)

- Drop down the Data Sources And Types menu- Click the + icon next to CMDB- Enter Devices as the Data Type Name- Make sure CMDB is selected as the Data Source Name- Make sure the Enabled checkbox is selected- In the Table Description section, select cmdb from the Base Label drop down box- Select Device from the drop down box next to it- Click Refresh, this should bring back the table fields- Make Hostname the key field- Select Hostname as the Display Name Field- Click the Save icon (floppy disk) and then close the tab

You should end up with something like this:

Create the Device Data Type (DB2)

- Drop down the Data Sources And Types menu- Click the + icon next to CMDB- Enter Devices as the Data Type Name- Make sure CMDB is selected as the Data Source Name- Make sure the Enabled checkbox is selected- In the Table Description section, enter Device into the Base Label text box - Click Refresh, this should bring back the table fields- Make Hostname the key field- Select Hostname as the Display Name Field- Click the Save icon (floppy disk) and then close the tab

You should end up with something like this:

Create the Department Data Type (MySQL)

- Drop down the Data Sources And Types menu- Click the + icon next to CMDB- Enter Department as the Data Type Name- Make sure CMDB is selected as the Data Source Name- Make sure the Enabled checkbox is selected- In the Table Description section, select cmdb from the Base Label drop down box- Select Department from the drop down box next to it- Click Refresh, this should bring back the table fields- Make DeptName the key field- Select DeptName as the Display Name Field- Click the Save icon (floppy disk) and then close the tab

Create the Department Data Type (DB2)

- Drop down the Data Sources And Types menu- Click the + icon next to CMDB- Enter Department as the Data Type Name- Make sure CMDB is selected as the Data Source Name- Make sure the Enabled checkbox is selected- In the Table Description section, enter Department into the Base Label text box- Click Refresh, this should bring back the table fields- Make DeptName the key field- Select DeptName as the Display Name Field- Click the Save icon (floppy disk) and then close the tab

Create a Dynamic Link

This will establish a relationship between the Device and Department information. In this example, Device Facility and Department Location are related i.e. if a device at a facility fails, a department at the same location will be impacted.

- Drop down the Data Sources And Types menu- Click the Devices Data Type (the actual word Devices)- Select the Dynamic Links tab- Click the New Link by Filter icon - Select Department as the Target Data Type- Enter a filter of Location = '%Facility%'- Click OK- Click the Save icon and then close the tab

Test the Link

- Drop down the Data Sources And Types menu- Click the View Data Items icon for Devices- Click the view linked data icon for one of the servers- This should bring a window showing the associated Departments

Create the Policy

For this example, the Operations department is considered to be critical to the business. If any devices located at the same facility fail, we want to automatically increase the severity of the associated alert.

To do so the policy must first determine the facility of the device by querying the Device data source. Then it must find the departments at that location, this time by using the dynamic link.

Finally, each department at the location is checked. If the Operations department is impacted, the severity of the alert is increased.

- Drop down the Policies menu- Select the Custom template- Click the + icon- Name the policy orbEventEnrichment and click Save

Writing code within the browser editor can be a bit awkward, especially when it comes to indentation. You may find it easier to use an other editor, such as vi, and then copy and paste the code in. To help with indentation I would recommend expanding tabs, which can be done in vi with the following settings (add to .exrc file to make permanent):

set expandtabset shiftwidth=4set softtabstop=4set tabstop=4

The policy code:

,

/*
Policy: orbEventEnrichment
Author: Ant Mico
Date : February 2009
Desc : Sample policy demonstrating so key Impact policy
functionality. Loosely based on the example given
in the Solution Guide (with the errors removed!).
*/
// Set up some variables that are used by the logging function
policyName = "orbEventEnrichment";
debugLevel = 1;
// Log a start up message
// Note the use of a library policy which contains regularly used functions
// This is a normal policy, just need to fully qualify the function to access it
orbFunctionLibrary.orbLogger(debugLevel, policyName, "START");
// Query the Devices DataType
// We assume that the Node field in the Omnibus alert correlates with the Hostname
dataType = "Devices";
filter = "Hostname = '" + @Node + "'";
countOnly = False;
// GetByFilter will return an array with the matching Data Items
devices = GetByFilter(dataType, filter, countOnly);
// The Length() function returns the number of elements in the array
If ( Length(devices) < 1 )
{
orbFunctionLibrary.orbLogger(debugLevel, policyName, "No devices found.");
}
Else
{
index = 0;
While ( index < Length(devices) )
{
msg = "Device " + devices[index].Hostname + " is in the " + devices[index].Facility + " facility.";
orbFunctionLibrary.orbLogger(debugLevel, policyName, msg);
index = index + 1;
}
// Now we can use the link to get the impacted Departments
// Create an array in which the target DataType is stored
dataTypes = { "Department" };
// Set the filter and maximum rows to return
filter = NULL;
maxToReturn = 10000;
departments = GetByLinks(dataTypes, filter, maxToReturn, devices);
If ( Length(departments) < 1 )
{
orbFunctionLibrary.orbLogger(debugLevel, policyName, "No departments found.");
}
Else
{
index = 0;
While ( index < Length(departments) )
{
// Store the array element in a separate variable to
// make accessing it easier
dept = departments[index];
msg = "Department " + dept.DeptName + " is impacted.";
orbFunctionLibrary.orbLogger(debugLevel, policyName, msg);
// Check to see if it is the Operations department
If ( dept.DeptName == "Operations" )
{
// It is, so set the event Severity field to 5 (Critical)
// Note that the @ syntax is shorthand for the EventContainer
// variable which contains the event under consideration.
// The other way to access it would be EventContainer.Severity
@Severity = 5;
// This next bit is important. Once the event has been
// changed we must return it so that it gets updated in
// Omnibus. Note the use of the EventContainer variable.
ReturnEvent(EventContainer);
}
index = index + 1;
}
}
}
orbFunctionLibrary.orbLogger(debugLevel, policyName, "FINISH");

,

Note the use of the orbLogger function, which resides in a policy called orbFunctionLibrary. This is just another normal policy but it demonstrates how functions can be referenced across policies. This is very useful for grouping regularly used bits of code.

- Drop down the Services menu- Select OmnibusEventReader from the menu- Click the + icon- Enter the service name as orbOmnibusEventReader- Change the Data Source to be NCOMS- Select the Event Mapping tab- Click the New Mapping button- Enter the Filter Expression Node LIKE '^server[0-9]+$' so that only alerts from servers that match this filter will trigger the policy- Select the orbEventEnrichment policy as the policy to run- Check the Active checkbox- Click OK- Click OK- The service should appear in the Service Status window at the bottom left of the page, as shown below:

Start the orbOmnibusEventReader service

- Click the start button - Click the log button to see what it is doing - You should see the EventReader periodically querying the ObjectServer for alerts

About Us

Orb Data brings together People, Process and Technology to deliver the cornerstone of business success: the management of IT infrastructure. At our heart are our people. We have unrivalled experience, helping us to achieve an enviable reputation for excellence in project delivery. Because we’re independent, we identify actual issues and help organisations resolve them –from spec to deployment, and beyond –providing the right solution in terms of best of breed technology and support. We offer a refreshingly simple approach to the way we conduct business. We take pride in our abilities to provide first class solutions to business problems, and to conduct working relationships with honesty and integrity.